
The NSA acquired hacking tools from French security firm Vupen


September 17, 2013

According to new documents unearthed using the Freedom of Information Act, the NSA acquired professional computer and server hacking tools complete with their documentation from French security firm Vupen.

A bonafide contract shows the U.S. security agency paid for a whole year's supply of zero-day vulnerability information and the software needed to exploit those security holes to attack various electronic systems.

The documents, obtained by government transparency and accountability site MuckRock, show that the U.S. intelligence nerve-centre signed up to a one-year subscription to Vupen's “binary analysis and exploits service” in September 2012.

Vupen prides itself on advanced vulnerability research as well as selling software exploits for unpatched flaws in systems - known as zero-days - to governments. Several U.S. defense contractors and security startups, such as Endgame Systems, are also in the business of privately researching and selling information about software security vulnerabilities and associated attack code.

That U.S. government organizations may be on Vupen's customer list isn't a surprise to most people in the internet security industry. The NSA, even though it has advanced offensive cybersecurity capabilities, not least in the shape of its Tailored Access Operations cyber-espionage unit, might still find it valuable to tap into external help from commercial providers such as Vupen.

"Likely reasons for NSA's subscription to Vupen's 0-day exploits could be-- 1) know what capabilities other governments can buy, and, 2) false flag, deniable cyber-ops," writes Christopher Soghoian, principal technologist and senior policy analyst at the American Civil Liberties Union.

"There are specific times when U.S. special forces use AK-47s, even though they have superior guns available. It's the same for the NSA's Vupen purchase. Deniability," he added.

Soghoian, who delivered a presentation about the exploit vulnerability marketplace at the recent Virus Bulletin conference, has previously likened the trade in software exploits to a trade in conventional weapons - think bullets, bombs and rockets.

In other internet security news

Earlier this year, it was revealed in the media how a massive security breach accidentally allowed access to thousands of images of people suspected of petty crimes.

Now it is revealed that the private company behind that CCTV and image database is claiming its technology has led to the arrest of over one hundred suspects.

London's Metropolitan Police has spent the past twelve months working with Facewatch, a website where business owners can communicate with each other and the police to share information about potential criminals.

Facewatch streamlines the process of handing CCTV footage, snapshots, incident forms and other evidence to police and law enforcement agencies.

The system's creators say the police force in London had already made 100 arrests using Facewatch and expects many more as businesses around the capital begin to use it on a larger scale.

However, they had no estimate of how many convictions have so far arisen from those arrests; nevertheless, the site is proving to be a useful tool for reducing crime.

Some 7,500 businesses and an additional eight police forces across Britain are also using Facewatch, which the company hopes will become a key part of the U.K.'s police armoury of crime-fighting tools.

Additionally, about 800 museums are also using the system, including London's V&A and the Ashmolean in Oxford, according to the company. was invited last week to have a look at the latest build of Facewatch at the firm's headquarters near Embankment station in London.

Facewatch allows businesses to quickly upload footage or snapshots of suspicious individuals to the website. Customers can also use a neat process similar to Apple's screenshot command to zoom in and cut out a frame of footage on screen and then upload it to the site's servers.

This effectively removes two of the current hurdles which prevent police making the best use of any CCTV footage-- 1) The need to physically collect footage from a business and 2) Needing the correct codecs to actually view the footage once people have brought it back into the station.

Each piece of intelligence (the term Facewatch uses for its uploads) is individually tagged and indexed. This allows it to be shared with local businesses, allowing them to quickly identify potential criminals and collate evidence which could lead to a conviction.

When a crime is reported, the business is emailed at each stage of the police investigation, allowing it to keep an eye on how the case is proceeding through the system.

According to Facewatch, this results in a detection rate of about 15 percent, higher than the 5 percent rate of most crimes. Facewatch only focuses on low-level crime, such as theft or antisocial behavior, and isn't designed to take on serious crimes such as DUI, embezzlement, car theft, murder, rape or drug offences.

Simon Gordon, the system's founder, said he was inspired to begin developing the system after becoming frustrated at the number of purse and wallet thefts at Gordon's Wine Bar, which he also owns.

The famous London wine bar is a fitting place to run a surveillance system, says Gordon, as it was once known as a meeting place for spies from either side of the Russian curtain back in the late sixties and early seventies.

Gordon said-- "The old system of using CCTV footage in criminal investigations was very inefficient. We allow businesses to give intelligence directly to police, but also we then get updates on how the investigation is proceeding and when more details can be provided moving forward.

"We want to help the victims of crime by speeding up the investigation, while providing more details in the process. Police don't have to waste time taking reports in person and are freed up to actually catch the criminal, instead of the tedious process of gathering initial information."

Facewatch is currently working on facial recognition software, which will soon be tested in a shopping centre in Hampshire. Detective Chief Inspector Mick Neville, head of the Met's central forensics image team at New Scotland Yard, said-- "Facewatch image submissions to the Metropolitan Police are on the increase and this has led to more prolific thieves being brought to justice."

"Just this week for example I have seen five persistent offenders identified thanks to Facewatch," Neville added during our interview.

"Additionally, this is helping to make London safer for businesses and their customers. The more images and footage we get from the public, the more success we will have in catching criminals caught on camera."

Facewatch is also preparing to launch a new mobile app which will allow victims of crime to report the incident themselves. It already offers a “rogues gallery” app, allowing the public and businesses to identify and name various suspects.

Previous figures show that CCTV has so far been a spectacularly inefficient way to catch criminals, with just one single crime in London solved per 1,000 surveillance cameras.

A Metropolitan Police spokeswoman added-- "The London Metropolitan Police is duty bound to investigate all crimes reported by this or any other means. In the fast-moving digital age, it's important that the LMPS remains open-minded and receptive to innovations in the field of crime prevention. The LMPS has worked with Facewatch amongst others to develop innovative ways for the public to engage with us in helping to reduce crime.”

In other internet security news

New hacking software has just been discovered that's linked to several attacks against governments and organizations involved in high-tech industries such as space exploration and nuclear power.

The malware, NetTraveler, has been outfitted to exploit a recently patched Java security flaw as part of a watering-hole-style attack: compromised websites redirect victims to an attack site hosting exploit code and viruses.

The latest variants of the malware, which surfaced a few days ago, appear to be targeting dissident Uyghur activists from China, internet security firm Kaspersky Lab warns.

The company was first to warn about the cyber attack back in June but subsequent checks revealed that the malware has been silently doing the rounds since 2004!

NetTraveler (also known as “Travnet”, “Netfile” or Red Star APT) is an advanced persistent threat that has infected hundreds of high profile victims in more than forty countries. Known targets of NetTraveler include Tibetan/Uyghur activists, oil industry companies, scientific research centres and institutes, universities, private companies, governments and their institutions, embassies and military contractors.

Immediately after the public exposure of NetTraveler's operations in June 2013, the attackers shut down all known command-and-control systems and moved them to new servers in China, Hong Kong and Taiwan.

After the switch, the attacks continued more or less unabated. Over the last few days, several spear-phishing emails were sent to multiple Uyghur activists. The Java exploit (CVE-2013-2465) used to distribute this new variant of the Red Star APT was only patched by Oracle less than two months ago.

Earlier attacks have used Office exploits (CVE-2012-0158) that were patched by Microsoft in April of last year.

More details on the evolution of the threat can be found in a blog post by Costin Raiu, director of global research at Kaspersky Lab.

The Uyghur community is an ethnic group who mostly live in Eastern and Central Asia. The community has long desired independence, or at the very least greater autonomy, from Chinese rule.

In other internet security news

Citadel, the nasty botnet at the very heart of a widely criticized takedown by Microsoft in June of this year, has made a comeback and it's stealing banking credentials again, this time mostly from Japanese users, according to Trend Micro.

The security vendor claims to have found at least nine IP addresses, mostly located in Europe and the United States, functioning as the botnet’s command and control servers.

About 96 percent of the overall connections to these C&C servers come from Japan, proving that most of the banking Trojan infections are from that country alone, suggested Trend Micro.

The security firm added the following in a blog post-- "During a six-day period, we detected no less than 20,000 unique IP addresses connecting to those infected servers, with only a very minimal decrease from beginning to end. This means that there is still a large number of infected systems stealing online banking credentials and sending them to the cybercriminals responsible for the botnet."

The banks and financial institutions targeted in this campaign have already released warnings and advisories to their customers regarding the attack itself.

Users are reminded to read those warnings properly before logging into their online banking accounts. As well as Japanese financial and banking organizations, the botnet has also been targeting popular webmail services such as Gmail, Hotmail and Yahoo Mail, Trend Micro added.

Overall, Citadel was the subject of Operation B54, what Microsoft described back in June as its "most aggressive botnet operation to date".

Working closely with the FBI, financial institutions and other technology firms, Microsoft said it disrupted some 1,400 botnets associated with the Trojan malware, which still managed to grab more than $500 million from several bank accounts around the globe.

But the initiative was slammed by the security community after Microsoft allegedly seized hundreds of domains as part of its swoop which were already being sinkholed by researchers to find out more about the botnet.

Additionally, British security vendor Sophos claimed at the time that the takedown wasn’t nearly as successful as was initially made out.

Threat researcher James Wyke said in a blog post that only half of the 72 Citadel C&C servers Sophos was tracking appeared on Microsoft’s list.

Worse, about 21.4 percent of those on Microsoft’s list failed to point to a sinkhole, implying “either that the sinkholing was unsuccessful or that the domains have already been re-appropriated by the Citadel botnet owners”, he added.

“Overall, takedown efforts such as this can provide immediate benefit to the public by effectively disabling the control channels used to administer a very dangerous piece of Trojan or malware,” said Wyke.

“But the long-term effect of this particular takedown on Citadel is unlikely to be significant. It looks as though many of the botnets weren't knocked out, and rebuilding those that were taken down will not take too long, I would say.”

It now appears that those concerns were well founded. We will keep you updated on this and on other stories.

In other internet security news

Over the weekend, internet users in China were met with very slow response times or no response at all as the country's .cn domain extension came under severe DDoS (distributed denial of service) attacks from many parts of the world.

The attacks were the largest of their kind in the history of that country's internet communications, according to the China Internet Network Information Center, a state agency that manages the .cn country TLD (top level domain).

The double-barreled attacks took place at around 2 AM Sunday, and then again at 4 AM. The second attack was long-lasting and large-scale, according to state media, which said that internet service was slowly being restored in some parts of the country.

Official state media said the attacks targeted websites with the .cn country domain, as well as the popular microblogging site Sina Weibo.

Distributed Denial of Service (DDoS) attacks aren't technically hack attempts per se, since they can be done without breaking into any server systems.

Typically, DDoS attacks overwhelm a website's servers by flooding them with hundreds of thousands of requests per minute. That makes websites either unreachable, extremely slow or unresponsive.

To bring down larger sites, attackers will sometimes organize large numbers of infected computers to send requests all at once.
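The two flood patterns described above, a single loud client and many infected machines each sending a few requests, look different in a web server's access log. The following is an added example, not code from the original article or from any of the organizations it mentions: it buckets constructed Common Log Format lines per minute and flags both a per-source flood and a distributed surge whose aggregate rate exceeds an assumed provisioning limit. The thresholds and IP addresses are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the client IP and the timestamp down to the minute in a CLF line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d\d/\w{3}/\d{4}:\d\d:\d\d):\d\d [^\]]+\] "')

PER_SOURCE_LIMIT = 100   # assumed: requests/minute one client may send before it is flagged
VOLUME_LIMIT = 1000      # assumed: total requests/minute the site is provisioned to serve

def parse_line(line):
    """Return (client_ip, minute_key) or None for a line that does not match."""
    m = LOG_RE.match(line)
    return (m.group(1), m.group(2)) if m else None

def analyse(lines):
    """Bucket requests per minute and report single-source and volumetric floods."""
    per_minute = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, minute = parsed
            per_minute[minute][ip] += 1
    report = {}
    for minute, sources in sorted(per_minute.items()):
        total = sum(sources.values())
        noisy = sorted(ip for ip, n in sources.items() if n > PER_SOURCE_LIMIT)
        # A distributed flood keeps each bot under the per-source limit, so it
        # only shows up when the aggregate rate exceeds what the site can serve.
        distributed = total > VOLUME_LIMIT and not noisy
        report[minute] = {"total": total, "sources": len(sources),
                          "single_source_flood": noisy,
                          "distributed_flood": distributed}
    return report

def build_sample_log():
    """Constructed log: a quiet minute, one loud client, then a distributed surge."""
    fmt = '{ip} - - [25/Aug/2013:{t}:00 +0800] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"198.51.100.{i % 20 + 1}", t="01:59") for i in range(50)]
    lines += [fmt.format(ip="203.0.113.7", t="02:00") for _ in range(300)]
    lines += [fmt.format(ip=f"192.0.2.{i % 250 + 1}", t="04:00") for i in range(1500)]
    return lines

if __name__ == "__main__":
    for minute, info in analyse(build_sample_log()).items():
        print(minute, info)
```

Blocking the single noisy client is straightforward, but the distributed minute has no source above the per-client limit, which is why rate limiting alone does not stop a botnet-driven flood.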

Chinese authorities closely regulate content and websites available to internet users in the country. The restrictions are extremely sophisticated, leading some to call it "The Great Firewall."

It's still unclear whether the attack is related to political events in China, which appears to be in the midst of carrying out a big crackdown on internet dissent.

The Chinese government is also wrapping up the trial of former political kingpin Bo Xilai, leading some Web users in China to note the timing of the attack.

".Cn domain names under attack?," one user said on Weibo. "Saw this news and laughed. On every 'festive occasion' doesn't China's internet become paralyzed?"


Source: Vupen Security.
